diff options
| author |   Michał Górny <mgorny@gentoo.org> | 2013-08-09 17:21:23 +0200 |
|---|---|---|
| committer | Michał Górny <mgorny@gentoo.org> | 2013-08-09 22:40:22 +0200 |
| commit | 1fa3b55b1bfbbee4976dc955d22f0d1aec1bb12b (patch) | |
| tree | b633f719f32cf158a7a734bdbbcbd726bd761292 /okupy | |
| parent | Revoke used tokens atomically. (diff) | |
| download | identity.gentoo.org-1fa3b55b1bfbbee4976dc955d22f0d1aec1bb12b.tar.gz identity.gentoo.org-1fa3b55b1bfbbee4976dc955d22f0d1aec1bb12b.tar.bz2 identity.gentoo.org-1fa3b55b1bfbbee4976dc955d22f0d1aec1bb12b.zip | |
Re-use TOTPDevice for handling 'OTP disabled'.
There's no point in having a special device that checks if TOTP secret
is set. Let's just do that in TOTPDevice.
Diffstat (limited to 'okupy')
| -rw-r--r-- | okupy/otp/__init__.py | 15 | ||||
| -rw-r--r-- | okupy/otp/nootp/__init__.py | 0 | ||||
| -rw-r--r-- | okupy/otp/nootp/models.py | 12 | ||||
| -rw-r--r-- | okupy/otp/totp/models.py | 4 | ||||
| -rw-r--r-- | okupy/settings/__init__.py | 1 | ||||
| -rw-r--r-- | okupy/tests/settings.py | 1 |
6 files changed, 6 insertions, 27 deletions
diff --git a/okupy/otp/__init__.py b/okupy/otp/__init__.py index 0bee7e8..a009006 100644 --- a/okupy/otp/__init__.py +++ b/okupy/otp/__init__.py @@ -3,7 +3,6 @@ from django_otp import login as otp_login from django_otp.middleware import OTPMiddleware -from .nootp.models import NoOTPDevice from .sotp.models import SOTPDevice from .totp.models import TOTPDevice @@ -14,14 +13,6 @@ def init_otp(request): request.user.is_verified(). """ - nodev, created = NoOTPDevice.objects.get_or_create( - user=request.user, - defaults={ - 'name': 'OTP-disabled pass-through', - }) - if created: - nodev.save() - tdev, created = TOTPDevice.objects.get_or_create( user=request.user, defaults={ @@ -38,9 +29,9 @@ def init_otp(request): if created: sdev.save() - # nootp may match already - if nodev.verify_token(): - otp_login(request, nodev) + # if OTP is disabled, it will match already + if tdev.verify_token(): + otp_login(request, tdev) # add .is_verified() OTPMiddleware().process_request(request) diff --git a/okupy/otp/nootp/__init__.py b/okupy/otp/nootp/__init__.py deleted file mode 100644 index e69de29..0000000 --- a/okupy/otp/nootp/__init__.py +++ /dev/null diff --git a/okupy/otp/nootp/models.py b/okupy/otp/nootp/models.py deleted file mode 100644 index cc80c58..0000000 --- a/okupy/otp/nootp/models.py +++ /dev/null @@ -1,12 +0,0 @@ -# vim:fileencoding=utf8:et:ts=4:sts=4:sw=4:ft=python - -from django_otp.models import Device - -from ..totp.models import TOTPDevice - -class NoOTPDevice(Device): - """ A fake OTP device that successfully verifies token - if user has OTP disabled. """ - - def verify_token(self, token=None): - return not TOTPDevice.objects.get(user=self.user).is_enabled() diff --git a/okupy/otp/totp/models.py b/okupy/otp/totp/models.py index 4feed21..005693f 100644 --- a/okupy/otp/totp/models.py +++ b/okupy/otp/totp/models.py @@ -52,11 +52,13 @@ class TOTPDevice(Device): def get_uri(secret): return 'otpauth://totp/identity.gentoo.org?secret=%s' % secret - def verify_token(self, token, secret=None): + def verify_token(self, token=None, secret=None): if not secret: o = self._get_secret() if not o: return True + elif not token: # (we're just being probed) + return False secret = o.secret # prevent replay attacks diff --git a/okupy/settings/__init__.py b/okupy/settings/__init__.py index d88929a..2b7ddbc 100644 --- a/okupy/settings/__init__.py +++ b/okupy/settings/__init__.py @@ -157,7 +157,6 @@ INSTALLED_APPS = ( 'django.contrib.staticfiles', 'okupy.accounts', 'okupy.otp', - 'okupy.otp.nootp', 'okupy.otp.sotp', 'okupy.otp.totp', ) diff --git a/okupy/tests/settings.py b/okupy/tests/settings.py index 1bd91b2..a27f258 100644 --- a/okupy/tests/settings.py +++ b/okupy/tests/settings.py @@ -163,7 +163,6 @@ INSTALLED_APPS = ( 'django_otp', 'okupy.accounts', 'okupy.otp', - 'okupy.otp.nootp', 'okupy.otp.sotp', 'okupy.otp.totp', 'okupy.tests' |